English  |  正體中文  |  简体中文  |  全文筆數/總筆數 : 64745/64745 (100%)
造訪人次 : 20472240      線上人數 : 359
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
搜尋範圍 查詢小技巧:
  • 您可在西文檢索詞彙前後加上"雙引號",以獲取較精準的檢索結果
  • 若欲以作者姓名搜尋,建議至進階搜尋限定作者欄位,可獲得較完整資料
  • 進階搜尋


    請使用永久網址來引用或連結此文件: http://ir.lib.ncu.edu.tw/handle/987654321/9197


    題名: 封包標記技術在協同追蹤與防禦系統之應用;An Application of Proportional Probabilistic Packet Marking Trace in the DDoS Overlay Defense System
    作者: 游秉賢;Ping-Hsien Yu
    貢獻者: 資訊工程研究所
    關鍵詞: 重疊網路;分散式阻斷服務攻擊;封包標記;packet marking;DDoS;overlay network
    日期: 2006-07-05
    上傳時間: 2009-09-22 11:42:58 (UTC+8)
    出版者: 國立中央大學圖書館
    摘要: 近年來網路攻擊事件層出不窮,而在所有的攻擊行為中,易造成巨大損害的是分散式阻斷服務攻擊(Distributed Denial of Service,簡稱DDoS)。由於攻擊者大都會偽造封包的來源位址,以隱藏攻擊者的位置,造成追蹤攻擊來源不易,所以本論文提出利用封包標記的技術來判讀攻擊發起與追蹤攻擊者的來源位置,並協同重疊網路防禦系統進行精確位置之阻擋攻擊流量,以達到阻擋DDoS攻擊之目的。封包標記是利用IP標頭一些很少使用的欄位,以機率來選擇填入封包經過的部份路徑資料,縱使攻擊者偽造來源位址,也可以從多個封包的記號找出攻擊路徑資訊,同時提出利用封包標記的路徑資訊來發現不符合繞徑位置的來源位址,協助判讀攻擊封包之發生。最後本文以實作來證明封包標記技術應用於協同追蹤與防禦系統的可行性,並將本文所提出之利用標記的路徑資訊來判斷攻擊封包之方法整合到Snort的偵測功能,實驗結果顯示本系統可以追出攻擊來源,且有效阻擋DDoS攻擊。 With the extreme popularity of Internet, network attacks emerge in an endless stream in recent years. One of the most serious attacks is distributed denial of service attack (DDoS), which easily causes large damage. DDoS attackers usually forge the source address of IP packet to hide their positions such that it is difficult to trace back attackers. To alleviate DDoS, this work takes advantage of the packet-marking method to trace the attacker’s location, as well as to detect DDoS attacks. Once detecting and locating DDoS attacks, this work initiates an overlay-network defense system to block the attacks. The basic concept of the packet-marking method is to insert some route information into rare-used fields of IP header. The insertion is based on probability. Even if attackers forges the source address of IP packet, this method can find out the attacking path by using the route information carried by the marked packets. With the attacking path, our work is also able to detect some attack packets, which have same source address but come from different far routers. Finally, this work implemented a system based on the packet marking method and the overlay-network defense approach. And this work integrated a new detection method based on packet marking into Snort. The experimental results show that our system can detect, locate, and block DDoS effectively.
    顯示於類別:[資訊工程研究所] 博碩士論文

    文件中的檔案:

    檔案 大小格式瀏覽次數
    0KbUnknown643檢視/開啟


    在NCUIR中所有的資料項目都受到原著作權保護.

    社群 sharing

    ::: Copyright National Central University. | 國立中央大學圖書館版權所有 | 收藏本站 | 設為首頁 | 最佳瀏覽畫面: 1024*768 | 建站日期:8-24-2009 :::
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - 回饋  - 隱私權政策聲明